The third rule of security is: if this is your first time with security you do not invent security protocols.

Inventing, modifying, tweaking, hacking, extending, optimizing, or just about anything else you can do to a cryptographic protocol, hash, algorithm, PRNG, key agreement, or cryptographic technique is a very bad idea.